[Owasp-board] AppSec Brasil 2010 contract draft

Dave Wichers dave.wichers at owasp.org
Wed Apr 28 02:09:51 UTC 2010


Thanks for your efforts in getting this all organized. I think this is very
close. I made three edits and one comment. Please let me know how you would
suggest the document be reworded to address my 1 comment.

Before the OWASP foundation can agree to this and commit to paying almost
$5K U.S. to the organizing company, I think we need to see a budget defined
by the committee, that can be approved by the foundation. Then TURING needs
to work within the confines of that budget.

This budget, as approved by the Foundation, will define the allowed expensed
defined in this clause: " The obligations of the ORGANIZER: e)	To seek
authorization from the FOUNDATION before taking any actions that may incur
in any expenses to the EVENT;" (Note: FOUNDATION used be COMMITTEE in the
agreement, before I changed it).

The approved budget will be considered authorization of approved expenses.
Any expenses outside or above the budget would need to be submitted to the
Foundation for approval, not the COMMITTEE. Such requests should be passed
through the COMMITTEE, but the COMMITTEE is not authorized to expend funds
above and beyond the approved budget without Foundation approval.

This last paragraph doesn't need to go in the contract as its between OWASP
and the COMMITTEE, but since the FOUNDATION is the one that approves all
expenses, that is how all this would be covered in the contract.

If getting an approved budget in place before the contract is signed would
cause significant issues, then I suggest we adjust the contract to allow it
be signed now, but any event management payment would be contingent on a
budget for the event being approved by the Foundation. This approval should
happen reasonably soon, so should not pose a large risk to Turing.

If you have any concerns or suggestions related to what I'm proposing here,
please let me know. 

Thanks, Dave

-----Original Message-----
From: lucas.ferreira at gmail.com [mailto:lucas.ferreira at gmail.com] On Behalf
Of Lucas Ferreira
Sent: Monday, April 26, 2010 5:29 PM
To: Eoin; Kate Hartmann
Cc: dinis cruz; Matt Tesauro; OWASP Foundation Board List; organizacao2010;
Dave Wichers; Jeff Williams
Subject: Re: [Owasp-board] AppSec Brasil 2010 contract draft

Hello All,

here is a second version of the agreement. It incorporates all the changes
and comments I received from the first version.

Please review it so we can have it signed ASAP. We already have sponsors
that want to pay and expenses we need to make.

Thanks,

Lucas

On Thu, Apr 22, 2010 at 22:13, Lucas Ferreira <listas at sapao.net> wrote:
> As I promised, here are the the fees and taxes we will need to pay to 
> the Instituto Turing regarding AppSec Brasil 2010:
>
> On all income: 8.25% as federal taxes.
>
> Fixed: BRL 7400.00 as administrative expenses (accountant, bank fees, 
> etc)
>
> On all profits sent to the OWASP Foundation: 25% (federal taxes) plus 
> banking fees.
>
> We won't have to pay the Instituto Turing as they prefer being an 
> event sponsor instead of changing us.
>
> I'll ask them to list all these fees on the contract.
>
> Regards,
>
> Lucas
>
> PS: please forward this to the board list. My emails to this list are 
> bouncing back.
>
> On Thu, Apr 22, 2010 at 14:34, Lucas Ferreira <listas at sapao.net> wrote:
>> Hello Eoin,
>>
>> On Thu, Apr 22, 2010 at 13:26, Eoin <eoin.keary at owasp.org> wrote:
>>> Hey,
>>>
>>> Had a few seconds re this contract;
>>>
>>> Fund management is being done by the organiser, is this the usual 
>>> for Brazil? Is there are % the event organiser is entitled to?
>>
>> In accordance to Brazilian laws, we need a legally registered entity 
>> to make the conference happen (more clearly: we cannot receive any 
>> money if we do not exist to the government). So we decided to seek 
>> the help of an existing entity instead of registering a new one, due 
>> to time and bureacratic constraints.
>>
>> We haven't finished the negotiation on the percentages. I'll send 
>> more info on that ASAP.
>>
>>>
>>> Liability:
>>> We are liable for injury etc if the Organiser gets hurt, is this 
>>> standard procedure?
>>
>> I'm not sure. I'll verify that.
>>
>>> We are liable for expenses also, is this all expenses?
>>
>> All approved expenses. Since they cannot make expenses without 
>> approval, we are not liable for non-approved expenses. We could make 
>> thsi clearer in the contract also.
>>
>>>
>>> General question:
>>> Is the committee a legal entity? How does this work. Do individuals 
>>> need to be identified?
>>
>> No, we'll have to nominate each committee member.
>>
>> Regards,
>>
>> Lucas
>>
>>>
>>> Eoin
>>>
>>>
>>>
>>> On 22 April 2010 16:45, dinis cruz <dinis.cruz at owasp.org> wrote:
>>>>
>>>> Hey Lucas
>>>> Jeff has a Laywer's background and Dave usually looks at OWASP 
>>>> related contracts, so I'm CCing them (& the rest of the Board) to 
>>>> see if they have time to comment on this.
>>>> Sorry if you already replied to this, but can you provide more 
>>>> details on the current brazilian Non-Profit you have created 
>>>> (called "Instituto
>>>> Turing") , its structure, and what are your expectations for the 
>>>> OWASP US entitity?
>>>> Btw, great job on the organization of the next Brazilian conference 
>>>> :)
>>>>
>>>> Dinis Cruz
>>>>
>>>> On 22 April 2010 12:55, Lucas Ferreira <listas at sapao.net> wrote:
>>>>>
>>>>> Hello Dinis and Matt,
>>>>>
>>>>> we are drafting a contract to be signed by the Foundation and the 
>>>>> Brazilian Company that will handle AppSec Brasil 2010's 
>>>>> financials. We need this company to have a local presence in order 
>>>>> to be able to issue invoices and collect the right taxes and to 
>>>>> handle other requirements. These tasks can only be performed by an 
>>>>> entity legally registered with the Brazilian Government.
>>>>>
>>>>> We have a draft of the contract to be signed attached. Could you 
>>>>> please see if it is adequate?
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Lucas
>>>>>
>>>>>
>>>>> ---------- Forwarded message ----------
>>>>> From: Lucas Ferreira <listas at sapao.net>
>>>>> Date: Fri, Apr 16, 2010 at 18:01
>>>>> Subject: AppSec Brasil 2010 contract draft
>>>>> To: Kate Hartmann <kate.hartmann at owasp.org>
>>>>> Cc: organizacao2010 <organizacao2010 at appsecbrasil.org>,
>>>>> global_conference_committee
>>>>> <global_conference_committee at lists.owasp.org>
>>>>>
>>>>>
>>>>> Hello Kate,
>>>>>
>>>>> please find attached the proposed contract for the company that 
>>>>> will handle the financials for AppSec Brasil 2010. Please review 
>>>>> it and tell us what the next steps are.
>>>>>
>>>>> We already have one of the sponsors that wants us to send an 
>>>>> invoice and we need to have this agreement signed before we can do
that.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Lucas
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Homo sapiens non urinat in ventum.
>>>>
>>>>
>>>> _______________________________________________
>>>> Owasp-board mailing list
>>>> Owasp-board at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-board
>>>>
>>>
>>>
>>>
>>> --
>>> Eoin Keary
>>> OWASP Global Board Member
>>> OWASP Code Review Guide Lead Author
>>>
>>> http://asg.ie/
>>> https://twitter.com/EoinKeary
>>>
>>
>>
>>
>> --
>> Homo sapiens non urinat in ventum.
>>
>
>
>
> --
> Homo sapiens non urinat in ventum.
>



--
Homo sapiens non urinat in ventum.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: EventManagementAgreement.v2.doc
Type: application/msword
Size: 50176 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20100427/39e0ac49/attachment-0002.doc>


More information about the Owasp-board mailing list